1. Field of the Invention
The present invention concerns a method and an arrangement for variable generation of cryptographic securities, such as for protecting communications, in a host device, of a type suitable for mail processing and having a security module such as franking machines, addressing machines, and similar devices.
2. Description of the Prior Art
A franking imprint contains an indicia representing previously entered and stored postal information, including the mailing fee data to deliver the letter. Modern franking machines enable printing of a special marking in addition to the aforementioned notice. For example, a Communication Authentication Code is generated from the aforementioned indicia and then forms a barcode as a marking. When a security imprint is printed with such a marking, it enables a verification of the validity of the security of the security imprint, for example in the post office (U.S. Pat. No. 5,953,426).
The franking machine JetMail® manufactured by Francotyp-Postalia AG & Co. KG, is equipped with a base and with a detachable meter. The latter contains a security module that, for example, generates a digital signature for a security printing by the franking machine (U.S. Pat. No. 6,041,704).
Furthermore, it is known to cryptographically secure the data exchange between a franking machine and a remote data central when a credit value is downloaded. A security module for this purpose can include a hardware accounting unit and a unit to secure the printing of the postal fee data (European Application 789 333). The hardware accounting unit is realized with an ASIC, and the other unit is realized with an OTP (One Time Programmable processor). The accounting event thus cannot be manipulated by means of a program attenuation, and moreover an arbitrary cryptographic algorithm can be stored in the read-only memory for the OTP processor such that it can be called. An internal OTP storage (memory) stores readable but protected data (among other things, cryptographic keys) that, for example, are necessary to download a credit or to generate a cryptographic security of a communication of the franking machine. A known encoding algorithm, for example Data Encryption Standard (DES), thus can be used for the formation of MAC's for communications of different types, whereby for each type a predetermined cryptographic key is agreed on (stipulated). A security housing of the security module provides external protection against disclosure of the cryptographic keys. (German Utility Model 201 12 350). Franking machines are developed for the most part only for a single purpose, namely to print postal indicia. Expensive encryption technology is thereby used. If further application possibilities for such devices were able to be developed wherein the accepted signal algorithms could be used without a danger of confusion with the postal indicia, this would expand the functionality of the device.
U.S. Pat. No. 6,058,384 generating a signature for a refund indicium, wherein an invalid ZIP code is used, for example 00000-0000. This should prevent a tamperer from fraudulently using the signature as an ordinary printed postmark to send mail.
Alternatives to assemble data for processing with the cryptographic algorithms in a specific manner dependent on the communication type, or in which the communication format is selected differently for a download indicia than for the communication format of an ordinary indicia, for example completely without ZIP, etc., are not always implementable due to the very different regulations of the national postal authorities or private postal carriers.